kore

a fork of the worlds most advanced web framework

commit a927acb7ee9cf05b9c3a945a3d2f4604e325e958
parent 69922598e7f2dcb4ee86dff3bbc08720a0360e94
Author: Joris Vink <joris@coders.se>
Date:   Tue, 31 Jul 2018 06:51:34 +0200

Add pledge support under OpenBSD.

All worker processes will now call pledge(2) after dropping
privileges (even if -rn was specified).

By default Kore will use the following promises:
	"stdio rpath inet error"

If your application requires more privileges, you can add more pledges
by setting them in your configuration using the 'pledge' directive:
	pledge dns wpath

Diffstat:
Minclude/kore/kore.h | 9+++++++++
Msrc/bsd.c | 27+++++++++++++++++++++++++++
Msrc/config.c | 17+++++++++++++++++
Msrc/worker.c | 5+++++
4 files changed, 58 insertions(+), 0 deletions(-)

diff --git a/include/kore/kore.h b/include/kore/kore.h @@ -60,6 +60,10 @@ extern int daemon(int, int); #endif #endif +#if defined(__OpenBSD__) +#define KORE_USE_PLATFORM_PLEDGE 1 +#endif + #define KORE_RESULT_ERROR 0 #define KORE_RESULT_OK 1 #define KORE_RESULT_RETRY 2 @@ -562,6 +566,11 @@ void kore_platform_worker_setcpu(struct kore_worker *); int kore_platform_sendfile(struct connection *, struct netbuf *); #endif +#if defined(KORE_USE_PLATFORM_PLEDGE) +void kore_platform_pledge(void); +void kore_platform_add_pledge(const char *); +#endif + void kore_accesslog_init(void); void kore_accesslog_worker_init(void); int kore_accesslog_write(const void *, u_int32_t); diff --git a/src/bsd.c b/src/bsd.c @@ -41,6 +41,10 @@ static int kfd = -1; static struct kevent *events = NULL; static u_int32_t event_count = 0; +#if defined(KORE_USE_PLATFORM_PLEDGE) +static char pledges[256] = { "stdio rpath inet error" }; +#endif + void kore_platform_init(void) { @@ -320,3 +324,26 @@ kore_platform_sendfile(struct connection *c, struct netbuf *nb) return (KORE_RESULT_OK); } #endif + +#if defined(KORE_USE_PLATFORM_PLEDGE) +void +kore_platform_pledge(void) +{ + if (pledge(pledges, NULL) == -1) + fatal("failed to pledge process"); +} + +void +kore_platform_add_pledge(const char *pledge) +{ + size_t len; + + len = strlcat(pledges, " ", sizeof(pledges)); + if (len >= sizeof(pledges)) + fatal("truncation on pledges"); + + len = strlcat(pledges, pledge, sizeof(pledges)); + if (len >= sizeof(pledges)) + fatal("truncation on pledges (%s)", pledge); +} +#endif diff --git a/src/config.c b/src/config.c @@ -63,6 +63,10 @@ static int configure_accept_threshold(char *); static int configure_set_affinity(char *); static int configure_socket_backlog(char *); +#if defined(KORE_USE_PLATFORM_PLEDGE) +static int configure_add_pledge(char *); +#endif + #if !defined(KORE_NO_TLS) static int configure_rand_file(char *); static int configure_certfile(char *); 
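Review bot: In src/bsd.c the default promise string in `pledges[256]` includes `error`, and nothing at the declaration says why. Per pledge(2), `error` makes a violating call fail with ENOSYS instead of killing the process, so a worker that misbehaves keeps running and the violation is much quieter for whoever monitors the host. If that fail-soft behaviour is intended, a comment such as `/* "error": pledge violations return ENOSYS rather than aborting the worker. */` above the array would record the trade-off.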
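Review bot: In `kore_platform_pledge()` in src/bsd.c the failure path `fatal("failed to pledge process")` drops errno and the promise string, so an operator who adds a misspelled promise through the `pledge` directive gets no hint which value was rejected. Something like `fatal("pledge(\"%s\"): %s", pledges, strerror(errno));` would make that diagnosable. Separately, the parameter of `kore_platform_add_pledge(const char *pledge)` shadows the pledge(2) function inside that body; naming it `promise` would read better and avoids surprises if the function ever needs to call pledge() itself.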
@@ -142,6 +146,9 @@ static struct { { "worker_set_affinity", configure_set_affinity }, { "pidfile", configure_pidfile }, { "socket_backlog", configure_socket_backlog }, +#if defined(KORE_USE_PLATFORM_PLEDGE) + { "pledge", configure_add_pledge }, +#endif #if !defined(KORE_NO_TLS) { "tls_version", configure_tls_version }, { "tls_cipher", configure_tls_cipher }, @@ -1378,3 +1385,13 @@ configure_python_import(char *module) return (KORE_RESULT_OK); } #endif + +#if defined(KORE_USE_PLATFORM_PLEDGE) +static int +configure_add_pledge(char *pledge) +{ + kore_platform_add_pledge(pledge); + + return (KORE_RESULT_OK); +} +#endif diff --git a/src/worker.c b/src/worker.c @@ -281,6 +281,11 @@ kore_worker_privdrop(const char *runas, const char *root) #endif fatal("cannot drop privileges"); } + +#if defined(KORE_USE_PLATFORM_PLEDGE) + kore_platform_pledge(); +#endif + } void
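Review bot: `configure_add_pledge()` in src/config.c forwards its argument unchecked and always returns `KORE_RESULT_OK`, so an empty or misspelled value is accepted at parse time and, as far as the visible code shows, is only rejected later when pledge(2) runs in the worker. The directive can also only widen the default set; an application that does not need `rpath` or `inet` has no way to drop it. A short comment on the function, e.g. `/* Appends to the default promises; values are checked by pledge(2) at worker start, not here. */`, would document both limits, and returning `KORE_RESULT_ERROR` for an empty string would catch the simplest mistake early.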
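Review bot: The `kore_platform_pledge()` call added at the end of `kore_worker_privdrop()` in src/worker.c carries no comment about ordering, yet everything that runs after it is limited to the pledged promises. A line such as `/* Must stay last: code after this point runs under the pledged promises only. */` would keep later edits from adding setup work below it. The function starts outside the hunk, so its callers are not visible here; if any process other than a regular worker also goes through this function, it would receive the same promise set, including `inet`, which may be wider than it needs.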